International cooperation key to counter cyber threat

The prospect of cyber terrorists seizing control of nuclear weapons may seem unfathomable to many, but it appeared credible enough to several U.S. senators. Source: Shutter Stock / Legion Media

Cyber terrorism and WMD terrorism coming together would present the ultimate nightmare, especially given how difficult it is to deter either of these threats.

What is it that worries U.S. spymasters
most these days? My bet is that it is America’s cyber security or lack of it
perhaps.

The anxiety is more than justified given
the increasing sophistication and frequency of cyber attacks on U.S. government
bodies, organizations and companies.

But attempts to build a digital Fortress
America will prove futile unless the United States reaches out to other major
powers in creating the rulebook on the use of cyber force and coordinates its
response to cyber terrorism.

“We face new and unpredictable cyber
threats” that pose an “increasing risk to U.S. critical infrastructure,”
Director of National Intelligence (DNI) James Clapper warns in “Worldwide
Threat Assessment of the U.S. Intelligence Community,” which he recently
presented to the Senate Intelligence Committee.

And while “advanced cyber actors — such as
Russia and China — are unlikely to launch a devastating attack against the
United States … less advanced but highly motivated actors could access some
poorly protected U.S. networks that control core functions” to stage attacks
that might have unforeseen, cascading consequences, according to the report.

Cyber attacks top the hierarchy of global
threats outlined in the DNI assessment for a good reason. (By way of
comparison, Russia’s nuclear arsenal, once deemed America’s foremost threat, is
not mentioned until the end of the report.)

America’s successes in dismantling Al-Qaeda
and the implosion of the Soviet empire have significantly lowered the
likelihood of either direct military action or large-scale terrorist attacks on
U.S. soil.

But that’s in the offline world. Digitally,
America is under attack.

The number of online attacks on U.S.
infrastructure increased by 17 times between 2009 and 2011, according to
National Security Agency director Gen. Keith Alexander, who is incidentally
also head of U.S. Cyber Command.

Web-based crime incurs annual costs of $114
billion to U.S. companies, Alexander said last year.

Countries identified by Washington as
sources of the frequent attacks against the United States are no less
vulnerable to such threats.

The government and research organisations
in Russia were prime targets of sophisticated espionage efforts carried out
throughout the former Soviet Union and beyond over a five-year period until
they were discovered by Kaspersky Lab. The Moscow-based company disclosed its
finding of the data-mining operation, which it dubbed “Operation Red October,”
in January 2013.

The Chinese Defence Ministry disclosed in
February that a monthly average of 144,000 cyberattacks was staged against its
own website and the China Military Online site in 2012.

The ministry claimed that almost two-thirds
of these attacks originated from IP addresses in the United States.

Meanwhile, U.S. intelligence points to
China as the starting place for the most aggressive and numerous attempts at
breaching U.S. cyber security. Elements based in Russia, Iran and other
countries are identified as less active cyber intruders.

Going by information in the open domain,
they’re not even in the same league as the creators of the Stuxnet worm and
Flame malware that disrupted and spied on Iran’s nuclear program respectively.

Related:

The U.S. government is said to be planning
to more than quadruple the size of Alexander’s Cyber Command, which is already
900 people strong. The reinforcements will include 13 teams of specialists that
would be tasked with conducting offensive operations, according to America’s
cyber commander-in-chief.

Others are following suit.

Russian Defence Minister Sergei Shoigu
earlier this year ordered the General Staff to draft a proposal for the
establishment of a Cyber Command within six months.

But do these reinforcements herald the
beginning of a cyber arms race? Hopefully, they do not.

It was not until the U.S. and Russia had
realized the futility of the atomic arms race that they got serious about
nuclear weapons control. The hope is that world leaders will start working on
an international framework to regulate the use of force and counterforce in
cyber space _ preferably under the auspices of the United Nations _ before the
virtual arms race becomes a reality.

An even more pressing priority will be
thinking of effective responses to cyber threats posed by non-state actors to
key national assets, such as critical infrastructure and weapons of mass
destruction (WMD). When doing so, it is
important to steer clear of anything that would allow authoritarian regimes to
refer to international law when justifying restrictions on cyber liberties.

A number of top U.S. officials have
confessed to feelings of horror at the prospect of terrorists acquiring weapons
of mass destruction. (George Tenet, Robert Gates, Michele Flournoy have
admitted that this threat kept them awake at night during their tenures as DNI, Secretary of
Defence and Undersecretary of Defence respectively).

Cyber terrorism and WMD terrorism coming
together would present the ultimate nightmare, especially given how difficult
it is to deter either of these threats.

As my respected colleague Joseph Nye has
warned when making a case for international cooperation against cyber
terrorists and criminals: “The bad news is that cyber technology gives much
more power to non-state actors than does nuclear technology, and the threats
such actors pose are likely to increase.”

The prospect of cyber terrorists seizing
control of nuclear weapons may seem unfathomable to many. But it appeared
credible enough to U.S. senators who asked Alexander’s boss and chief of U.S.
Strategic Command, Robert Kehler, to find out whether other nuclear powers are
able to defend their nuclear weapons from cyber attacks.

In his March 12 testimony before the
Senate, Kehler assured legislators that “we do evaluate” the potential for a
cyber-related attack on U.S. nuclear command and control systems.

But are the digital defences of America’s
nuclear weapons fully bullet-proof? A
January report on cyber threats published by the Pentagon's Defence Science
Board states that “most of the systems” of the U.S. nuclear deterrent “have not
been assessed (end-to-end) against (sophisticated) cyber attack to understand
possible weak spots.”

In one incident in 2010, the U.S. Air Force
lost contact with 50 intercontinental ballistic missiles. That event prompted
generals to pause and think whether what had happened as result of an accident
could be repeated by cyber terrorists.

All responsible nations should act to
harden their cyber defences and to cooperate in ensuring that weapons of mass
destruction cannot become offensive tools wielded against them by digital terrorists.

There is simply no alternative to the
collective approach in today’s world, which New York Times columnist Thomas
Friedman has described as “hyperconnected” at least 13 times in the past two
years.